CVE-2025-61808Unrestricted File Upload in Adobe Coldfusion

CWE-434Unrestricted File Upload4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
1.0%
top 23.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedDec 10

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

CVEListV5adobe/coldfusion2021.22
NVDadobe/coldfusion2021, 2023, 2025+2

🔴Vulnerability Details

2
GHSA
GHSA-g96j-73c3-2r7f: ColdFusion versions 20252025-12-10
CVEList
ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)2025-12-09

🕵️Threat Intelligence

1
Wiz
CVE-2025-61808 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-61808 — Unrestricted File Upload in Adobe | cvebase